docker

alpine/.bashrc

@@ -5,6 +5,9 @@ echo "alias:    set_prod"
 
 export hosts_file="/app/hosts.dev"
 
+export PS1="\[\e[32m\]\h:\w\$\[\e[0m\] "
+df -h .
+
 set_prod() {
     export HOSTS_FILE="/app/hosts.all"
     echo "HOSTS_FILE set to: $HOSTS_FILE"

app/etc/repositories

@@ -0,0 +1,3 @@
+http://alpinelinux.c3sl.ufpr.br/v3.22/main
+http://alpinelinux.c3sl.ufpr.br/v3.22/community
+

app/templates/docker-compose.yml

@@ -0,0 +1,41 @@
+services:
+
+  beedb:
+    image: postgres:16
+    restart: always
+    environment:
+      - POSTGRES_DB=postgres
+      - POSTGRES_PASSWORD=deradmin
+      - POSTGRES_USER=deradmin1
+    volumes:
+      - /OD8N/data/postgres:/var/lib/postgresql/data/
+      - /OD8N/data/pg_backup/:/BACKUP/
+    networks:
+      4projects:
+        ipv4_address: 10.5.0.200
+
+  traefik:
+    image: docker.io/library/traefik:3.1
+    container_name: traefik
+    ports:
+      - 80:80
+      - 443:443
+        #- 8080:8080
+    volumes:
+      - /run/docker.sock:/run/docker.sock:ro
+      - /OD8N/config/traefik/etc:/etc/traefik
+      - /OD8N/data/traefik/certs:/certs
+      - /OD8N/data/traefik/traefik-logs:/var/log/traefik
+    networks:
+      - 4projects
+    restart: unless-stopped
+
+networks:
+  4projects:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 10.5.0.0/16
+          gateway: 10.5.0.1
+          ip_range: 10.5.0.0/26
+

app/templates/traefik.yaml

@@ -0,0 +1,101 @@
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false
+
+# -- (Optional) Change Log Level and Format here...
+#     - loglevels [DEBUG, INFO, WARNING, ERROR, CRITICAL]
+#     - format [common, json, logfmt]
+# log:
+#  level: ERROR
+#  format: common
+#  filePath: /var/log/traefik/traefik.log
+
+# -- (Optional) Enable Accesslog and change Format here...
+#     - format [common, json, logfmt]
+accesslog:
+#   format: common
+  filePath: /var/log/traefik/access.log
+
+# -- (Optional) Enable API and Dashboard here, don't do in production
+api:
+  dashboard: true
+  disableDashboardAd: true
+  insecure: true
+
+# -- Change EntryPoints here...
+entryPoints:
+  web:
+    address: :80
+    # -- (Optional) Redirect all HTTP to HTTPS
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    #    http:
+    #  middlewares:
+    #    - crowdsec-bouncer@file
+    address: :443
+    transport:
+      respondingTimeouts:
+        readTimeout: 0
+        writeTimeout: 0
+        idleTimeout: 42
+  # -- (Optional) Add custom Entrypoint
+  # custom:
+  #   address: :8080
+
+# -- Configure your CertificateResolver here...
+certificatesResolvers:
+#   staging:
+#     acme:
+#       email: your-email@example.com
+#       storage: /etc/traefik/certs/acme.json
+#       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+#       httpChallenge:
+#         entryPoint: web
+
+  production:
+    acme:
+      email: oliver@odoo4projects.com
+      storage: /certs/acme.json
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+      httpChallenge:
+        entryPoint: web
+
+# -- (Optional) Disable TLS Cert verification check
+# serversTransport:
+#   insecureSkipVerify: true
+
+# -- (Optional) Overwrite Default Certificates
+# tls:
+#   stores:
+#     default:
+#       defaultCertificate:
+#         certFile: /etc/traefik/certs/cert.pem
+#         keyFile: /etc/traefik/certs/cert-key.pem
+# -- (Optional) Disable TLS version 1.0 and 1.1
+#   options:
+#     default:
+#       minVersion: VersionTLS12
+
+providers:
+  docker:
+    # -- (Optional) Enable this, if you want to expose all containers automatically
+    exposedByDefault: true
+  file:
+    directory: /etc/traefik
+    watch: true
+
+
+http:
+  middlewares:
+    crowdsec-bouncer:
+      forwardauth:
+        address: http://bouncer-traefik:8080/api/v1/forwardAuth
+        trustForwardHeader: true
+
+
+
+

app/update

@@ -1,16 +1,24 @@
 #!/bin/bash
 
+### SYSTEM SETUP
 ass doas mkdir -p /OD8N
 ass doas chmod 777 /OD8N
 ass mkdir -p /OD8N/data
 
-
+### PACKAGES
+prsync -h "$hosts_file" -avz ./etc/repositories /OD8N/repositories
+ass doas mv /OD8N/repositories /etc/apk/ 
 ass doas apk update
 ass doas apk upgrade
-ass doas apk add jq rsync mc vim
+ass doas apk add jq rsync mc vim docker docker-compose htop linux-lts sqlite
 
+
+### own bins
 prsync -h "$hosts_file" -avz ./bin/OD8N/sbin/ /OD8N/sbin/
 
+
+### API
+
 #INSTALL API KEYS
 template templates/od8n /OD8N/od8n ./host_vars            
 ass doas mv /OD8N/od8n /etc/od8n
@@ -23,3 +31,17 @@ ass doas chown root:root /etc/init.d/od8n-api
 ass doas rc-update add od8n-api default
 ass doas rc-service od8n-api restart
 ass doas rc-update add od8n-api default
+
+
+### Infrastructure
+##### Docker
+ass doas rc-service docker start
+ass doas rc-update add docker boot
+
+ass mkdir /OD8N/config/
+template templates/traefik.yaml /OD8N/config/traefik.yaml ./host_vars
+
+
+template templates/docker-compose.yml /OD8N/docker-compose.yml ./host_vars
+ass doas docker-compose -f /OD8N/docker-compose.yml up -d
+